Skip site navigation (1)Skip section navigation (2) 
Date:      Fri, 6 Jun 2008 20:53:26 +0200
From:      Ulrich Spoerlein <uspoerlein@gmail.com>
To:        Israel Lehnen Silva <israsilva@gmail.com>
Cc:        hackers@freebsd.org
Subject:   Re: FreeBSD + LDAP + SAMBA + WINDOWS
Message-ID:  <20080606185326.GC1646@roadrunner.spoerlein.net>
In-Reply-To: <5ce468b90805281511h2729be73l65dccdcfe13ad4db@mail.gmail.com>
References:  <5ce468b90805281511h2729be73l65dccdcfe13ad4db@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help 
On Wed, 28.05.2008 at 19:11:06 -0300, Israel Lehnen Silva wrote:
> Friends,
> 
> I have the following scenario:
> 
> Server FreeBSD 7.0 Stable authenticating in one basis LDAP through of the
> PAM (pam_ldap and nss_ldap)
> In same server, have running the SAMBA 3.0.28 authenticating too in
> basis LDAP and using the scripts smbldap-tools.
> Tool LDAPAdmin for administration of basis LDAP.
> 
> THE PROBLEM:
> 
> When chang the pass of user in basis LDAP trhough of LDAPAdmin,
> select th cryptograpy "MD5 Crypt" for the atribuct userPassword
> This way, I achieve log in the Windows and FreeBSD by terminal, ssh...
> but when chang pass of user by Windows, the cryptograpy of password in
> atribuct userPassword
> is chanded for SSHA and so not conect in FreeBSD, also just conect in
> windows.
> 
> FreeBSD and SAMBA authenticating in LDAP,
> and changing the password by own user, not interfering in auth of ssh in
> FreeBSD...
> Someone implemented???

Hi,

I think you have this backwards. At our setup, with active samba
password sync users can change their samba{LM,NT}passwords and have
their userPassword updated accordingly. Samba will not change the used
algorithm, though (we use {CRYPT}, don't ask ...)

The other way round though will only update the userPassword and not
change the samba{Lm,NT}passwords leading to the old password still being
valid for Windows.

We're using a small CGI script where our users can change (both)
passwords in their browser.

Cheers,
Ulrich Spoerlein
-- 
It is better to remain silent and be thought a fool,
than to speak, and remove all doubt.

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20080606185326.GC1646>